Personal Data Protection Policy
Last Revised and Effective Date: July 2, 2020
This policy explains our privacy practices regarding the collection, use, disclosure and transfer of personal information by Rammer Technologies INC, DBA as Symbl.ai, its subsidiary(ies) and/or affiliate(s) (collectively referred to as “Rammer Technologies,” Symbl, we or us).
Key objectives of this policy:
To demonstrate a set of privacy and personal data protection standards that govern Symbl’s procedures to collect, store and process personal data in a lawful manner
To provide consistent treatment of personal data throughout Symbl entities
To ensure personal data is protected from security risks
To ensure personal data is transferred or processed in a manner consistent with the applicable data protection laws and regulations
Adhere to the data protection principles of notice, choice and consent, onward transfer, security, data integrity, access, and enforcement
Personal Information that We Collect
Symbl collects and processes only such Personal Data as is adequate, relevant and limited in scope to the requirement and for a length of time that is necessary for the stated purposes of its use. The information about you that you give to us by filling in forms on our website (or other forms that we ask you to complete), giving us a business card (or similar) or corresponding with us by phone, post, email or otherwise. It may include your name, address, email address, and phone number, information about your professional role, background, and interests. If you exchange emails, phone conversations, or other electronic communications with our employees and other staff members, our information technology systems may record details of those conversations. If we have a business relationship with the organization that you represent, your colleagues or other business contacts may give us information about you such as your contact details or details of your role in the relationship. This agreement with the respective business is applicable for information generated by the use of our products and services.
Use of Personal Information
Symbl as a data controller or data processor has established the specific purposes for which Personal Data is being collected and that it’s collection and processing of Personal Data is done in a manner consistent with those stated purposes. Symbl does not utilize an individual’s Personal Data in its control, beyond the scope for which it was collected without prior written consent from the individual.
The Personal Data may be processed for purposes including without limitation for:
• Administering relationships services with various stakeholders;
• Operational purposes;
• Providing individuals with information concerning products and services which Symbl believes to be of interest;
• Compliance with any requirement of law, regulation, associations, codes that Symbl decides to adopt;
• Purpose of or in connection with, any legal proceedings for obtaining legal advice or for establishing, exercising or defending legal rights or any other purpose connected to or incidental to the purposes stated above;
• Cookies may be used to track user behaviour, etc.,
• User name, address, email, or phone number may be collected for marketing or research purposes;
• Transcripts of calls;
• Improving the performance, quality, and experience of our products and services;
•Accounting and billing/payment purposes (including to offer financing solutions to customers with our finance partners);
• Operating, administering and improving our website and premises and other aspects in which we conduct our operations;
• Recruitment purpose;
• Employment-related services;
• Contractual obligations and client services.
Legal Basis for Processing Data
We process your Personal Data when it is necessary for the performance of a contract to which you are the party or in order to take steps at your request prior to entering into a contract. Personal Information may be collected for the performance of a contract in the following circumstances:
We process your Personal Information when it is necessary for the purposes of a legitimate interest pursued by us or a third party (when these interests are not overridden by your data protection rights).
We obtain consent from the data subject prior to collecting, storing and processing of Personal Data wherever information processed is based on the data subject’s consent as a legal basis.
We give privacy notice detailing personal data processing and requirements in a simple format to all data subjects for whom we process data as a data controller.
Disclosure and International Transfer of Personal Data
We may disclose your personal information, where reasonably necessary for the various purposes set out above:
to your colleagues within the organization that you represent;
to service providers who process your information on our behalf, under conditions of confidentiality and data security required by law of the origin of such information;
business partners, channel partners, service partner, agents, suppliers and subcontractors for the performance of any contract we enter into with them or you;
to competent regulatory, prosecuting and other governmental agencies, or litigation counter parties, in any country or territory; orwhere we are required by law to disclose.
In those cases, where we transfer your personal information to our service providers, we will ensure that our arrangements with them are governed by relevant legal mechanisms and safeguards including data transfer agreements supported by standard contractual clauses, designed to ensure that your personal data and information is protected, on terms approved for this purpose by the European Commission and any other legal and regulatory authorities of country from where such information is originated.
Data Subject Rights: Access, Correction, Objection and Deletion
You have the right to access, correct, object or delete your Personal Data that we hold
“Symbl recognizes that data subjects have a right to request a copy of the Personal Data held by Symbl.”
If any Personal Data is found to be incorrect, the individual concerned has the right to file a request to amend, update or delete it, as appropriate. Individuals also have a right to object to the processing of their Personal Data as per the prevailing laws.
If Symbl undertakes transactions or other services that involve the processing or disclosure of Personal Data on behalf of any of our client or counterparty, it shall be the responsibility of such client or counterparty to ensure that it has all necessary authority to permit Symbl’s Technologies to process and disclose the Personal Data accordingly.
An individual has the right to object to data processing where Symbl has taken their consent for such data processing by informing the appropriate authority within Symbl.
The Personal data will be deleted from the system on request or when it has served its purpose, only after a complete evaluation of compliance with any applicable legal obligations or legitimate reasons
If you wish to exercise any of these rights (subject to applicable local laws) or have complaints about our processing of your personal information, please contact us by emailing: firstname.lastname@example.org.
Confidentiality and Security of Personal Data
Symbl has taken prudent steps to safeguard the confidentiality and security of all Personal Data including taking procedural and organizational steps to protect Personal Data from accidental or unlawful destruction and disclosure. In addition, Symbl strives to protect personally identifiable information that it maintains or disseminates so that it is not accessed or obtained by unauthorized individuals or used in unauthorized ways.
Personal Data Retention
Privacy by Design
Privacy controls are considered while designing and implementing new or existing systems or processes, based on the technologies available, cost of implementation, scope, context and purposes of collecting, storing and processing Personal Data. Symbl has implemented appropriate data-protection principles, technical and organizational measures such as data minimization, data encryption, etc. to ensure that Personal Data is secure.
Confidentiality and Security of Personal Dat
All Symbl personnel handling Personal Data have a responsibility to report any data privacy breach related incidents and any violations of this policy to the data privacy office.
With regard to Personal Information Provider may collect, receive, or otherwise process as a result of any agreements between Provider and [Customer] (or its subsidiaries or affiliates) (“Customer”), Provider agrees that it will not:
(a) Sell, rent, release, disclose, disseminate, make available, transfer, or otherwise communicate orally, in writing, or by electronic or other means, Personal Information to another business or a third party for monetary or other valuable consideration; or
(b) Retain, use, disclose, collect, sell, use, or otherwise process Personal Information for any purpose other than for the specific purpose of, and as necessary for, performing services for Customer pursuant to a written agreement(s). For clarity, Provider may not retain, use, or disclose the Personal Information for any other commercial purposes or outside of the direct business relationship between Provider and Customer.
“Personal Information” means information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, and including particular elements of “personal information” as defined under Cal. Civ. Code § 1798.140.
This CCPA Certification survives expiration or termination of any other agreement(s) that may exist between Provider and Customer (or its subsidiaries or affiliates). Existing terms in such agreement(s) remain in effect except that this CCPA Certification controls in the event of a conflict with such terms.
TRANSFERS OF CUSTOMER PERSONAL DATA
Customer acknowledges and agrees that Symbl will transfer Customer Personal Data outside of the European Union, the European Economic Area or their member states, Switzerland, and/or the United Kingdom, as part of the provisioning of Services, to countries that are not recognized by the European Commission as providing an adequate level of protection for Personal Data. The onward transfer of Customer Personal Data shall occur via the Standard Contractual Clauses. In the event it is determined that the Standard Contractual Clauses are invalidated or require changes, the parties will in good faith negotiate an alternative recognized method, as defined under GDPR.
Symbl mean and include its Affiliates and group entities.
Affiliates mean Symbl Limited, Symbl Inc., Symbl and (a) any persons or entities that, now or in the future, directly or indirectly, control, are controlled by them, or are under common control, or (b) any persons or entities that are acquired, managed, or operated by them, whether by membership, stock ownership, joint operating agreement, or other substantial relationship.
Data Protection Laws and Regulations means, General Data Protection Regulation(GDPR) 2016 / 679, as well as applicable data protection and privacy laws that exist in the United States of America, the EU, and any other country.
European Union – means the current EU Member State countries of: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom.
Personal Data under GDPR means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;
The lawful processing means that the activity is conducted in accordance with applicable national or international laws.
‘Personal information’ under Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 (Privacy Rules) means any information that relates to a natural person, which either directly or indirectly, in combination with other information that is available or likely to be available to a corporate entity, is capable of identifying such person.
Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
Specified purpose means being clear from the outset about why we are collecting Personal Data and are transparent about our purposes with the individuals concerned.
Sensitive personal data or information under Privacy Rules—means such personal information which consists of information relating to;— (i) password; (ii) financial information such as Bank account or credit card or debit card or other payment instrument details ; (iii) physical, physiological and mental health condition; (iv) sexual orientation; (v) medical records and history; (vi) Biometric information; (vii) any detail relating to the above clauses as provided to body corporate for providing service; and (viii) any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise: provided that, any information that is freely available or accessible in the public domain or furnished under law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules.